Facebook has just expanded its highly controversial Instant Personalization program — which allows select third-party sites to access some of your data without requiring you to login or ‘Connect’ — to popular movie reviews community Rotten Tomatoes. In a blog post announcing the news, Facebook says that the new feature will allow users to “immediately see the reviews most relevant to you, without having to register, search for friends, or fill out a profile.”

Instant Personalization was first announced at Facebook’s f8 conference in April. The feature gives sites that have received Facebook’s blessing the ability to access any information you’ve shared with ‘Everyone’ on Facebook as soon as you arrive at the third-party site, with no authentication required. At launch only three sites featured Instant Personalization: Yelp, Microsoft’s Docs.com, and Pandora — this is the first expansion since the April launch, and Facebook says that it will be expanding it slowly over the next few months. I suspect Facebook would have liked to begin rolling this out more broadly before now, but Instant Personalization sparked waves of privacy concerns as soon as it was announced.

The concept behind Instant Personalization is compelling: it offers the promise of a personalized web, where sites know what you’re interested in as soon as you arrive. But it’s rife with privacy issues. Instant Personalization drew fire from advocacy groups and even some senators, in part because it was initially frustratingly difficult to opt-out of (Facebook has since improved this).

Facebook makes the case that handing over this data to trusted third parties is reasonable, because it’s only handing over data that users have chosen to share with ‘Everyone’. Of course, for nearly a year now Facebook has been prodding users toward sharing more of their data under this less private setting.

The biggest push came last December, when it forced users to go through a new privacy wizard that encouraged users to share their Updates and other key information with ‘Everyone’ (I still believe this was the site’s most egregious privacy move to date). Later changes included forcing users to move their Interests, which could be previously hidden on profiles, to public ‘Likes’. In other words, a lot of people are sharing a significant amount of information with ‘Everyone’.

Facebook is taking baby steps with Instant Personalization, and for good reason — even without press and privacy advocates raising red flags about the issues here, there’s a distinct chance that people will totally freak out when they arrive at a site and it already knows who their friends are. But, as with every other privacy-related issue Facebook encounters, there’s a chance that its users simply won’t care — they’ll just like seeing reviews of their favorite movies as soon as they visit Rotten Tomatoes.

Here are some data points about the program that Facebook sent along:

Users control Instant Personalization – when they arrive at a site they can disable the experience, or they can turn off the program for all websites in their Facebook settings.

If you have previously opted out of the Instant Personalization program, you’ll continue to be opted out for any new sites.

Partner sites follow clear product/security/privacy guidelines and may only use your public information and friend lists to offer a more personalized experience.

All experiences are based on explicit actions (i.e. info you’ve typed into your profile or clicked “Like”); passive behavior (what you’re reading) is never surfaced.

User data is never transferred to ad networks. Update: Facebook also clarifies that “No revenue is ever exchanged as part of this program and user data cannot be transferred by partners to third-party ad networks.”

Expanding the program slowly over the next few months with a handful of partner sites where value to people is clear. Focused on verticals where you already find information through friends in the real world (examples like: reviews, food, travel, music, movies).